MFA is essential: Why a hardware token can make all the difference

On the first weekend in June, a hacker attack on the networks of the CDU (Christian Democratic Union), a major political party in Germany, became known. According to numerous media reports, it was a severe professional cyberattack; the party leader Friedrich Merz described it as the "most serious attack" on a party's infrastructure in Germany. Initial findings suggest that the perpetrators were able to move undetected within the network for about 14 days, gaining access to critical data.

As reported by IT news site Heise Online, the entry point for the cybercriminals was a security vulnerability within a VPN (Virtual Private Network) software. This is supported by a security warning issued by the BSI (Federal Office for Information Security) on June 3rd. The warning clarifies that only users who access the VPN with just local username/password combinations are at risk. And this is exactly where the problem lies!

Despite steadily increasing hacker attacks, awareness of cybersecurity among authorities, companies, and public institutions remains far too low. Even the upcoming EU cybersecurity directive NIS-2 does not seem to have led to widespread rethinking. This is despite the directive mandating the implementation of Multi-Factor Authentication (MFA) for digital access.

The "CDU hack" clearly shows that a password alone does not provide sufficient protection against threats – at least one additional factor is needed. It is both shocking and sobering that the cyberattack on the CDU could have been prevented by a simple hardware token. For good reason, both the BSI and the affected VPN provider recommend using "additional authentication mechanisms."

Once again, it becomes clear: Multi-factor authentication is essential. The choice of the appropriate solution – whether software-based via smartphone or hardware-based through FIDO tokens – is up to the users. Especially for companies and organizations with numerous employees, tokens based on the established FIDO2 standard offer a cost-effective and easy-to-use MFA method that also guarantees the best possible security.

However, more important than the choice of MFA technology is the urgency to act now. In the race against hackers, waiting is not an option, and the next cyberattack should not be the reason to finally tackle cybersecurity with the necessary determination.

Learn more:

Swissbit’s solution: The iShield Key Pro

White Paper: MFA - Meet NIS2 requirements, avoid liability risks (for registered users, log in or create an account for free)